
package com.yuke.cloud.service.tmc.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

import javax.servlet.http.HttpServletResponse;

/**
 * The class Resource server config.
 *
 * @author
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
	@Value("${spring.profiles.active}")
	private String env;//当前激活的配置文件

	@Autowired
	private PermitAllSecurityConfig permitAllSecurityConfig;

	@Override
	public void configure(HttpSecurity http) throws Exception {
		// mod by wg 20181217
		if ("dev".equals(env)) {  //开发环境不做验证
			http
					.headers().frameOptions().disable()
					.and()
					.csrf().disable()
					.exceptionHandling()
					.and()
					.apply(permitAllSecurityConfig)
					.and()
					.authorizeRequests().antMatchers("/").permitAll();
		}else {
			http
					.headers().frameOptions().disable()
					.and()
					.csrf().disable()
					.exceptionHandling()
					.authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
					.and()
					.authorizeRequests().antMatchers("/pay/alipayCallback", "/order/pay/notify", "/wxpay/notifyWeiXinPay",
					"/bill/billpay/AliNotify", "/bill/billpay/WxNotify","/druid/**", "/swagger-ui.html", "/swagger-resources/**", "/v2/api-docs", "/api/applications",
					"/mall/**", "/webSocketServer/**").permitAll()  // add by wg 20181221 APP不用登录也可以访问的接口,增加允许websocket访问
					.anyRequest().authenticated();
		}
	}
}
